Privacy Policy

Last updated: February 2026

Information We Collect

We collect the following information when you use TextKit API:

• Email address — Required for account creation and communication
• Name — Optional, provided during registration
• Password — Stored as a bcrypt hash, never in plain text
• Stripe customer ID — Generated when you create a subscription
• API usage logs — Including endpoint accessed, timestamp, and tokens used
• Session cookies — A single httpOnly JWT cookie for authentication

How We Use Your Information

We use your information for the following purposes:

• Account creation and authentication
• Processing subscription billing through Stripe
• Tracking API usage and enforcing rate limits based on your subscription tier
• Improving the service and analyzing usage patterns
• Communicating service updates, billing issues, or security notifications

Third-Party Services

We share limited data with the following third-party services:

• Stripe — Processes payments and manages subscriptions. Stripe receives your email address and payment information. We store only your Stripe customer ID.
• OpenAI — Processes text content you submit through the API. Your input text is sent to OpenAI for AI-powered processing. OpenAI does not receive your email, account information, or API keys.

Neither service receives your password. Stripe and OpenAI operate under their own privacy policies.

Data Storage & Security

Your data is stored in a SQLite database on secure servers. We implement the following security measures:

• Passwords are hashed using bcrypt and never stored in plain text
• All connections to the API and website are encrypted using HTTPS
• API keys are stored as SHA-256 hashes in the database
• Database uses WAL (Write-Ahead Logging) mode for data integrity

Cookies

We use a single httpOnly session cookie containing a JWT (JSON Web Token) for authentication. This cookie is:

• Set only when you log in
• HttpOnly and secure (HTTPS-only in production)
• Used solely for authentication, not tracking

We do not use analytics cookies, tracking cookies, or third-party cookies.

Data Retention

• Account data — Retained until you request deletion of your account
• API usage logs — Retained for 90 days, then automatically deleted
• Stripe billing records — Maintained by Stripe according to their retention policy

Your Rights

Under PIPEDA (Canada's Personal Information Protection and Electronic Documents Act), you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for data processing

To exercise these rights, email us at support@textkitapp.com. We will respond within 30 days.

Children's Privacy

TextKit API is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of material changes by email or through a notice on our website. Your continued use of the service after such changes constitutes your acceptance of the updated policy.

Contact

Questions about this policy? Email us at support@textkitapp.com.